OK, you've convinced me -- how do I set up a VPN or run VPNMON-R2?
In case you're curious about how to configure your own amazing whole-home VPN setup, here are some basic instructions... Please understand that this is how I have my OVPN client slots set up, and your needs may differ, so feel free to jump into this thread if you have any other setup questions!
1.) Insert a Flash Drive - First plug a flash drive into the back of your router, where a lot of these scripts, cache and swap file will end up being located.
2.) Use the AMTM tool - Log into your router using an SSH terminal tool, like PuTTY (for Windows), execute "AMTM", and use the commands "fd" to format your flash drive, and "sw" to configure a swap file. Minimum recommended size is at least 2GB.
3.) Configure your router to handle scripts - You must first enable the ability for your router to handle custom scripts. From your router UI, go to Administration -> System -> "Format JFFS partition at next boot" (yes) and "Enable JFFS custom scripts and configs" (yes)... reboot your router to enable these changes.
4.) Subscribe to a VPN provider - Picking NordVPN, SurfShark or Perfect Privacy will give you some more awesome functionality with VPNMON-R2, but you can basically pick anything you want. I'm going to use NordVPN in these examples...
5.) Download your VPN server config - Go to your VPN provider's server config download page (ex: https://nordvpn.com/servers/tools/), and pick one (or a selection) of OpenVPN UDP server configs, and download them. It will probably end up with a name like this: "us9488.nordvpn.com.udp.ovpn"
6.) Check the .ovpn contents - The contents of the .ovpn file will contain the security certificates, vpn server name, and configuration parameters. Give it a cursory glance to make sure it looks like everything's there.
7.) Configure your VPN Client Slots - From the Asus-Merlin VPN Client page, pick your 1st OpenVPN Client Slot... click on the "Choose File" button, select the file you just downloaded, and click the "Upload" button to import it. This will populate most of your settings on this page, but you will need to go through, name some things, and make some configuration tweaks. For example, these are the settings I use below... yours might differ based on your preferences.
8.) Apply these custom configuration entries on the bottom of the page - This is an important step! The custom config entries that come with the .ovpn file may work, but aren't the greatest. Please overwrite them with the configuration entries below. These work great for NordVPN, and for many other VPN providers as well. If they don't, revert back or look for some best practice entries for your particular VPN provider:
Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
9.) Test your VPN Client! After you hit "APPLY" on the bottom of the Asus-Merlin VPN Client page, slide the on/off switch to ON, and see if you can make a successful VPN connection. If you don't see any errors, and have been able to test that your client(s), network(s), etc. can browse through the VPN, you can crack open that beer in celebration.
10.) Now go configure your other 4 slots! To make the best use of VPNMON-R2, you would want each of your 5 standalone VPN client slots pre-configured in the same way you just did your first. Note: If you're considering using the VPNMON-R2 SuperRandom functionality, you can actually use the same .ovpn file for each of your 4 other slots. Your VPN Slot's "server address" and "description" fields will be automatically filled in by the VPNMON-R2 script when it finds new random servers for you to connect to.
Important: VPN Director is an important element to consider as well, and I would recommend creating 5 different entries for each of your 5 VPN Client slots to ensure that your local subnet will ALWAYS route through the VPN no matter which VPN client is currently connected. See below:
11.) Download VPNMON-R2 -- Using the AMTM tool, download and install VPNMON-R2. From its main menu, type "sc" to set up and configure the script. You can use the defaults in place to run it with minimal functionality, or go through and make selections based on your particular environment.
12.) Profit! Now go ahead and enjoy the experience...
Gotchas
- If you want to make the integration with VPNMGR, please make sure you have installed VPNMGR, have populated your VPN slots with it, have tested refreshing its cache, and that you are able to successfully connect to your VPN provider before running this script. You may find the program and installation/configuration information here: https://www.snbforums.com/threads/v...ent-configurations-for-nordvpn-and-pia.64930/
- Make sure you keep your VPN Client slots sequential... don't use 1, 2, and 4... for instance. Keep it to 1, 2, and 3.
- If you're using the NordVPN SuperRandom(tm) functionality, please be sure that each of your VPN slots are fully configured, as this function will only replace your "server address" IP and the "description" in NordVPN - [CITY] format. It is also important to disable the VPNMGR update so they don't conflict.
Known Issues
- After installing, and if you see VPNMON-R2 continually resetting due to a "Ping/HTTP response failed" in your logs, then please read the following...
- It has recently come to my attention that if you are using AdGuard Home, (perhaps even other site blocking tools like Diversion or Skynet), there is a chance that it may break VPNMON-R2's functionality, because it's blocking sites that I need to resolve IP addresses. Namely, please make sure you have unblocked https://ip4.icanhazip.com from your blacklists.
- Here are the instructions on how to add this to your whitelist in AdGuard Home (thanks to @cptnoblivious)
  - AdGuard Home web interface | Filters | Custom filtering rules
  - Add: @@||ipv4.icanhazip.com^
  - Hit "Apply"
Auto-Startup Guidance
- Great news! Auto start capabilities have been added to VPNMON-R2 as of v2.48! It uses the basic methodology as described below...
- This is the way that many prefer to start the script using something more simple (below), or going all out (courtesy of @iTyPsIDg), though the choice is yours:
Editing your 'post-mount' file under /jffs/scripts, use the 'nano' command-line tool to add this line:
Code:
(sleep 30 && /jffs/scripts/vpnmon-r2.sh -screen) & # Added by vpnmon-r2
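
Step 6 asks for a cursory glance at the downloaded .ovpn file; the check below does that glance mechanically. It is an added example, not part of the original post or of VPNMON-R2: the function names and the sample profile are constructed for illustration, and the directive names are standard OpenVPN options.

```shell
#!/bin/sh
# Added example; function names are hypothetical, directive names are standard OpenVPN options.

# Print effective directives: drop comments, blank lines and inline <tag>...</tag> bodies.
ovpn_directives() {
    awk '{ sub(/\r$/, "") }
        /^[ \t]*<\/[a-z-]+>/ { inblk = 0; next }
        /^[ \t]*<[a-z-]+>/   { inblk = 1; next }
        inblk || /^[ \t]*([#;]|$)/ { next }
        { sub(/^[ \t]+/, ""); print }' "$1"
}
has_block()     { grep -Eq "^[[:space:]]*<$2>" "$1"; }
has_directive() { ovpn_directives "$1" | grep -Eq "^$2([[:space:]]|\$)"; }

# Print findings; return 1 if a required item is missing, 2 if a script hook is present
# (2 takes precedence when both apply).
lint_ovpn() {
    f=$1; rc=0
    has_directive "$f" remote || { echo "MISSING: remote"; rc=1; }
    has_block "$f" ca || has_directive "$f" ca || { echo "MISSING: ca"; rc=1; }
    has_directive "$f" remote-cert-tls || has_directive "$f" verify-x509-name ||
        { echo "MISSING: server certificate check"; rc=1; }
    has_directive "$f" auth-user-pass || echo "NOTE: no auth-user-pass"
    # Script hooks and script-security let a profile run commands on the device.
    for d in script-security up down route-up route-pre-down ipchange tls-verify plugin; do
        if has_directive "$f" "$d"; then echo "REVIEW: $d"; rc=2; fi
    done
    # reneg-sec 0 (in the custom entries above) turns off time-based key renegotiation.
    ovpn_directives "$f" | grep -Eq '^reneg-sec[[:space:]]+0$' && echo "NOTE: reneg-sec 0"
    return $rc
}

# Constructed sample profile (not a provider file); the certificate body is a placeholder.
write_sample() {
    cat > "$1" <<'EOF'
client
dev tun
remote vpn.example.net 1194 udp
remote-cert-tls server
auth-user-pass
reneg-sec 0
up /tmp/hook.sh
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
EOF
}
```

After sourcing the file, run `lint_ovpn` on the downloaded profile before uploading it in step 7; any REVIEW line means the profile asks OpenVPN to execute something and should be read by hand first.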